Beruflich Dokumente
Kultur Dokumente
Cryptanalysis
1. a) Define cryptography.
The use of mathematical operations to protect messages traveling between parties or stored on a
computer.
b) What is confidentiality?
Confidentiality means that people who intercept messages cannot read them.
The plaintext is the original message to be delivered. When the plaintext is encrypted, it becomes
ciphertext and cannot be read by an interceptor. However, the receiver can decrypt the ciphertext back
to plaintext.
Ciphertext
e) What is a cipher?
f) What is a key?
As long as the key is kept secret, both parties will still have confidentiality.
h) What is a cryptanalyst?
15
l
16
23
16
9
n
12
20
25
d
Substitution and Transposition Ciphers
Substitution Ciphers
Transposition Ciphers
Real Encryption
Substitution ciphers
11 h
12 n
13 i
21 t
22 w
23 t
31 e
32 o
33 s
Key Part 1
Key Part 2
n
o
The advantage of codes is that people can do encoding and decoding manually, without a computer.
The disadvantage of codes is that code books must be distributed ahead of time, and if one code book is
intercepted, all confidentiality is lost.
Because two parties only use a single key for encryption and decryption in both directions
b) When two parties communicate with each other using symmetric key encryption, how many keys are
used in total?
c) What type of encryption cipher is almost always used in encryption for confidentiality?
Nearly all encryption for confidentiality uses symmetric key encryption ciphers.
Simply make the key so long that the time needed for attackers to crack the key is far too long for
practicality.
b) If a key is 43 bits long, how much longer will it take to crack it by exhaustive search if it is extended to
45 bits?
Because each bit doubles the time it takes to crack a key, extending the key length by 2 bits would
increase the time to crack by 2^2 = 4.
If a key is 43 bits long, it’ll take 4.4E+12 tries, and if it is 45 bits long, the crack will take 1.76E+13 tries.
c) If it is extended to 50 bits?
d) If a key is 40 bits long, how many keys must be tried, on average, to crack it?
So on average, a brute-force password cracker will need about 550 billion tries.
Symmetric encryption keys must be 100 bits or longer to be considered a strong key.
Human Issues in Cryptography
Cryptography is not an automatic protection because it is not infallible. The humans that utilize
cryptography can do things that either completely compromise the key or provide sufficient data to
allow more efficient cracking of the key. Companies must have and enforce processes that do not
compromise the strengths of cryptography.
It is not an automatic protection because if a sender or receiver fails to keep the key secret, an
eavesdropper may learn the key and read every message. Poor communication discipline in general can
defeat the strongest cipher and longest key. Also, communicating partners can have a false sense of
security because they will think that the cracked encryption method is still protecting them. The reality
of cryptography is that it is not an automatic protection. It only works if companies have and enforce
organizational processes that do not compromise the technical strengths of cryptography.
RC4
First, RC4 is extremely fast and uses only a small amount of RAM.[1] This means that it is ideal for small
handheld devices and was viable for even the earliest 802.11 wireless access points. Second, RC4 can
use a broad range of key lengths. For most ciphers, longer key length is better. However, RC4 was widely
used primarily because its shortest optional key length is 40 bits.
An RC4 key length of 40 bits is commonly used because national export limits in many countries once
limited commercial products up to 40-bit encryption.
c) Is this a strong key?
No. It is less than 100 bits long, so it is not strong. It was selected because it was weak.
DES keys are 56 bits long (64 bits with 8 redundant bits to allow parties to detect incorrect keys).
DES is only 56 bits, therefore, it is not strong. (It needs to be 100 or more.)
The DES key is 56 bits long. It comes in a block of 64 bits, of which 56 bits represent the key. The other 8
bits are redundant in the sense that you can compute them if you know the other 56 bits. This
redundancy allows parties to detect incorrect keys. DES encrypts messages 64 bits at a time. The inputs
for the encryption are the key and the 64-bit block of plaintext. The output is a 64-bit block of
ciphertext.
112 bit and 168 bit are the two common effective key lengths in 3DES.
DES is slow and having to apply DES three times is extremely slow, therefore, extremely expensive in
terms of processing cost. 3DES is prohibitively slow for use on personal computers.
It offers 3 alternative key lengths instead of two. AES is efficient enough in terms of processing power
and RAM requirements to be used on a wide variety of devices.
c) Which strong symmetric key encryption cipher can be used with small mobile devices?
AES can be used with small mobile devices.
d) Which symmetric key encryption cipher probably will dominate symmetric key encryption in the near
future?
AES
14. a) It is claimed that new and proprietary encryption ciphers are good because cryptanalysts will
not know them. Comment on this.
The fact that a cryptanalyst does not know a proprietary encryption cipher does not mean that it is a
good, strong cipher. In reality, it is very difficult to create a vulnerability-free cipher that is not cracked
quickly by an expert cryptanalyst.
It relies on attackers not to obtain learnable information and it is bad because it could result in
catastrophic loss of security if known.